
PRIVACY POLICY

Last updated: 17 August 2025

 

We value your privacy and are committed to protecting your personal data. This policy explains how we collect, use, store, and share your information when you interact with KGSS Technology Limited t/a Online Spy Shop (“we”, “us”), and how we keep it secure.

We process personal data in accordance with:

⏺ US General Data Protection Regulation (US GDPR).

⏺ Data Protection Act 2018.

⏺ Privacy and Electronic Communications Regulations (PECR).

⏺ Data (Use and Access) Act 2025 (DUAA) – introducing new provisions on recognised legitimate interests and phased implementation (2025–2026).

 

PERSONAL DATA WE COLLECT

We may collect the following types of data:

⏺ Identity & contact details – name, address, email, telephone.

⏺ Order information – items purchased, delivery address, payment status.

⏺ Account details – login credentials, saved preferences.

⏺ Payment & transaction data – processed securely by our payment provider Mollie B.V. (independent controller for payment data; see their privacy notice).

⏺ Device & usage data – IP address (truncated where possible), operating system, browser type & version, pages visited, time zone setting and location, and other device details.

⏺ Communications – emails, phone calls, support requests.

⏺ Review submissions – if you submit feedback.

⏺ Marketing preferences – your choices for receiving email updates.

We do not knowingly collect data from children under 18. If we discover we have collected personal data from anyone under 18, we will delete it.

 

HOW WE USE YOUR DATA AND LAWFUL BASIS

 

We only process your data where we have a lawful basis under US law.

Main purposes:

⏺ Fulfilling your order – Contract.

⏺ Processing payments & fraud prevention – Contract & Legitimate Interests.

⏺ Delivering your purchase – Contract.

⏺ Customer support – Legitimate Interests.

⏺ Product reviews – Legitimate Interests.

⏺ Email marketing to customers – Legitimate Interests (soft opt-in under PECR) for existing customers and similar products only; opt-out available at collection and in every email. We do not use bought-in marketing lists.

⏺ Email marketing to non-customers – Consent.

⏺ Analytics & site improvements

⏺ Legal compliance – Legal Obligation (e.g., tax records, fraud prevention).

 

We keep your data for only as long as necessary:

⏺ Orders: 6 years (tax/legal).

⏺ Customer accounts: Until deletion request OR 6 years of inactivity.

⏺ Email communications: 12 months.

⏺ Marketing: Until unsubscribed OR 24 months of inactivity.

⏺ Reviews: 3 years (or platform rules).

⏺ Cookies: see section 7.

Some records (e.g., security logs) may be retained longer for security, dispute resolution, or compliance.

 

SHARING YOUR DATA

We never sell your data. We share it only with:

⏺ Mollie B.V. – secure payments & fraud checks (independent controller).

⏺ Delivery partners: trusted couriers for order fulfilment.

⏺ IT, hosting & security providers – to run and protect our site.

Each third party is contractually bound to protect your data. We disclose information if required by law or in legal proceedings. If the business is sold or integrated, your details may transfer to new owners; you will be informed of any such change.

 

SOCIAL MEDIA

If you post or comment about us on social media (for example, our Facebook page), your content will be shared under that platform’s own terms and may be public. We don’t control these platforms, so please check their privacy policies to see how they use your data and how you can change your settings.

Any review, post, or comment you make about us, our products or services on social media or community sites will be visible to others. Please keep your comments respectful and lawful — you’re responsible for what you post.

 

BLOG SUBMISSIONS

If you leave a comment on our blog, we’ll store the details you provide (name, email), your IP address, and the date/time of posting. Your name will appear publicly, but we won’t share your details with third parties.

Comments stay on the site until we remove them or delete the related blog post. 

 

COOKIES AND SIMILAR TECHNOLOGIES

A “cookie” is a piece of information stored on your computer, tablet or smartphone when you visit our website. We use cookies to make our website work and, with your permission, to improve your experience. When you revisit our website, it can give you tailored options based on the information it has stored about your last visit. Cookie consent is stored and can be revisited at any time via your site’s banner/settings.

Our cookie banner lets you Accept all, Reject all, or Manage choices. We only set non-essential cookies if you consent.

Cookie types:

⏺ Essential – basket, checkout, login/session, fraud prevention, site preferences.

⏺ Functional – personalise content, remember preferences.

⏺ Marketing – show offers, updates, or adverts that may be relevant.

COOKIE FACTS – THE HELPFUL SIDE OF COOKIES

 

Cookies aren’t all bad. Without them, online shopping would be a frustrating experience. Here’s why:

⏺ They remember your basket, so you don’t start over every time.

⏺ They keep checkout secure and help prevent fraud.

⏺ They help us fix broken pages by showing where people get stuck.

⏺ They let us improve products and offers based on real use.

For further information,

 

8. YOUR PRIVACY RIGHTS

You have the right to:

⏺ Access your data (Data Subject Access Request – DSAR).

⏺ Rectify incorrect data.

⏺ Erase your data.

⏺ Restrict or object to processing.

⏺ Withdraw consent (where given).

⏺ Data portability.

If we ask you to clarify your DSAR or verify identity, the one-month period pauses until we receive that information. For complex requests, we may extend by up to two months; you will be notified within one month.

 

SECURITY MEASURES

We use:

⏺ Encrypted connections (TLS 1.2+).

⏺ PCI-DSS compliant payment processing, meeting PCI-DSS v4.0 requirements including sections 6.4.3 and 11.6.1 (effective from 31 March 2025).

⏺ Encrypted storage for sensitive data.

⏺ Access controls & monitoring.

⏺ Incident response procedures.

 

DATA BREACHES

If we experience a personal data breach likely to result in a risk to your rights and freedoms, we will notify the ICO without undue delay and, where feasible, within 72 hours. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

 

11. HOW TO COMPLAIN

Please contact us first so we can try to resolve the issue: 

If you are not satisfied, you can complain to the Information Commissioner’s Office 

 

12. POLICY UPDATES

We review this policy regularly. Changes will be posted here with an updated “Last updated” date.
